SQLMap v0.8 released

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Support to parse -C (column name(s)) when fetching columns of a
table with —columns: it will enumerate only columns like the provided
one(s) within the specified table (Bernardo).

Support for takeover features on PostgreSQL 8.4 (Bernardo).

Enhanced —priv-esc to rely on new Metasploit Meterpreter’s
’getsystem’ command to elevate privileges of the user running the
back-end DBMS instance to SYSTEM on Windows (Bernardo).

Automatic support in —os-pwn to use the web uploader/backdoor to
upload and execute the Metasploit payload stager when stacked queries
SQL injection is not supported, for instance on MySQL/PHP and
MySQL/ASP, but there is a writable folder within the web server
document root (Bernardo and Miroslav).